[News] Excellent New Proof That Secret Proprietary Code is Insecure - Linux

This is a discussion on [News] Excellent New Proof That Secret Proprietary Code is Insecure - Linux ; Wikipedia-reading boffins jimmy keyless door to entire universe ,----[ Quote ] | "If they had made it public they would have found out 20 years ago that it's | insecure," Kasper said in an interview. "Now it's a little bit ...

+ Reply to Thread
Results 1 to 11 of 11

Thread: [News] Excellent New Proof That Secret Proprietary Code is Insecure

  1. [News] Excellent New Proof That Secret Proprietary Code is Insecure

    Wikipedia-reading boffins jimmy keyless door to entire universe

    ,----[ Quote ]
    | "If they had made it public they would have found out 20 years ago that it's
    | insecure," Kasper said in an interview. "Now it's a little bit too late,
    | because it's already built into all the garages and cars."
    `----

    http://www.theregister.co.uk/2008/04...ter_key_found/

    Well, that's going to cost.


    Related:

    Why proprietary code is bad for security

    ,----[ Quote ]
    | Tho Skype is using an encrypted protocol, it’s still their own, non-disclosed
    | code and property. So we don’t know what it contains.
    |
    | [...]
    |
    | It’s time to stop accepting that we are the bad guys, and to stop consuming
    | things we just don’t understand (and cannot, because they are proprietary,
    | closed-source systems).
    |
    | Say no to companies, or even governments who treat you like this. Start using
    | open sourced products and protocols wherever you can. Even if you could
    | still never understand the code used in these systems, there are still lots
    | of people who can, and who will examine it. The magic word here is “peer
    | review” - your friend or buddy or neighbour may be able to understand all
    | that, and to help. No, not with Skype or Windows or any black box from Cisco.
    `----

    http://wolfgang.lonien.de/?p=394


    Teen hacker re-unlocks Apple's iPhone

    ,----[ Quote ]
    | Last year, 17-year-old Geohot was among the first group of hackers to break
    | Apple's iron-fisted grasp on the iPhone, a coup that won him a Nissan 350Z
    | and 3 8GB iPhones. Apple promptly responded by issuing updated firmware that
    | stymied such efforts. Not only did the updates disable modified phones,
    | effectively turning them into $400 bricks, they also prevented unlocking
    | software from working in many cases. The arms race has persisted ever since.
    `----

    http://www.theregister.co.uk/2008/02...t_iphone_hack/


    RealPlayer named by StopBadware.org

    ,----[ Quote ]
    | RealPlayer 10.5, it claims, "fails to accurately and completely disclose the
    | fact that it installs advertising software on the user's computer." And
    | RealPlayer 11, it claims, "does not disclose the fact that it installs
    | Rhapsody Player Engine software, and fails to remove this software when
    | RealPlayer is uninstalled." Ryan Lukin, PR manager for RealNetworks, disputed
    | some of the claims.
    `----

    http://www.news.com/8301-10789_3-986...=2547-1_3-0-20


    Consumer-control industry and their security damnation

    ..----[ Quote ]
    | By some ironic fortune, proprietary vendors like Apple and
    | Microsoft will likely always suffer this damnation that their
    | consumer-control inspired proprietary nature always brings with
    | itself: security problems - exactly the thing they claim to prevent
    | by being so control obsessed. You can stay damned with them or you
    | can break free.
    `----

    http://www.libervis.com/article/cons...rity_damnation


    The Security of Free Software

    ,----[ Headings ]
    | 1 SECURE FREEDOM
    |
    | * * * 1.1 "TRUE FREENESS"
    |
    | * * * 1.2 "THE COMMUNITY EFFECT"
    |
    | 2 SECURE TECHNOLOGY
    |
    | * * * 2.1 "GIVEN ENOUGH EYEBALLS ALL BUGS ARE SHALLOW"
    |
    | * * * 2.2 "TESTED BY THE BEST"
    `----

    http://www.libervis.com/article/the_..._free_software


    [Security:] Mozilla Thunderbird vs. Microsoft Outlook

    ,----[ Quote ]
    | For me, I’m going to stick with anything but Outlook for email for the
    | reasons I’ve cited above.
    `----

    http://www.esecurityplanet.com/article.php/3702831


    E-mail inventor: I didn't foresee spam

    ,----[ Quote ]
    | He uses Thunderbird, an e-mail application developed by Mozilla, the company
    | which distributes the Firefox web browser, but he also has a Gmail account.
    |
    | He said he once had to use Outlook – “I didn’t find it particularly
    | attractive”, and that for a time he blocked all incoming messages from *
    | Hotmail, “because they used to carry a lot of viruses – though they’ve
    | clamped down on that.” *
    `----

    http://technology.timesonline.co.uk/...cle3525110.ece


    How secure are Linux, Window and Mac OS?

    http://www.masuran.org/node/29

    Why Windows is less secure than Linux

    http://blogs.zdnet.com/threatchaos/?p=311


    Linux more secure than Windows, national survey shows

    http://www.xomba.com/linux_more_secu...l_survey_shows


    Microsoft Windows: Insecure by Design

    http://www.washingtonpost.com/ac2/wp...nguage=printer


    If Only We Knew Then What We Know Now About Windows XP

    http://www.washingtonpost.com/wp-dyn...rss_technology


    Why Windows is a security nightmare.

    http://www.smh.com.au/articles/2004/...120110704.html


    The Structural Failures of Windows

    http://www.theinquirer.net/default.aspx?article=15305


    Linux Security: A Big Edge Over Windows

    http://www.linuxinsider.com/rsstory/54742.html


    Diebold Can't Sell E-Voting Subsidiary

    ,----[ Quote ]
    | Diebold fails to sell its electronic voting business, changes the
    | subsidiary's name to Premier Election Solutions.
    `----

    http://www.pcworld.com/article/id,13...s/article.html


    Diebold Voting Machines Vulnerable to Virus Attack

    ,----[ Quote ]
    | An analysis of Diebold's source code shows that a hacker with access to a
    | single voting machine could use a virus to affect an election.
    |
    | [...]
    |
    | The delayed release of the source-code review meant that David Wagner, an
    | associate professor of computer science at the University of California at
    | Berkeley and an author of the report, was not able to present his findings at
    | a public hearing held on July 30 to discuss the results of the voting system
    | review.
    `----

    http://www.pcworld.com/printable/art...rintable.html#


    Most vote machines lose test to hackers

    ,----[ Quote ]
    | "The vendors appeared to have designed systems that were not high assurance
    | (of security)," said Bishop, a recognized expert on computer security. "The
    | security seems like it was added on.'' *
    `----

    http://sfgate.com/cgi-bin/article.cg...TING.TMP&tsp=1


    The Future of Elections: Open Source Voting

    ,----[ Quote ]
    | But how would you feel if Microsoft Windows was powering the voting booth in
    | which you were to select important elected officials? Would you, knowing of
    | Microsoft's past security record, feel confident that using this OS and not
    | being allowed to inspect the code, feel safe knowing that these machines
    | could very well help to dictate the future of your perspective countries?
    | Don't feel guilty, I don't really like it either. * *
    `----

    http://www.osweekly.com/index.php?op...k=view&id=2610


    E-voting vendor succumbs to California source code demands

    ,----[ Quote ]
    | "... there are serious concerns regarding the motivations and apparent
    | personal agendas of a number of the currently proposed examiners," ES&S
    | exec StevenPearson wrote in a letter agreeing to turn over the source
    | code.
    `----

    http://www.theregister.co.uk/2007/06...de_disclosure/


    John Edwards supports "open source" for voting systems

    ,----[ Quote ]
    | John Edwards has become the first presidential candidate to support
    | "open source code" for election systems.
    `----

    http://www.freepress.org/departments...y/19/2007/2662


    Graphics drivers are malware compliant

    ,----[ Quote ]
    | Whilst Microsoft claimed to have closed off that exploit for the final
    | release of Vista, there are still plenty of ways to attack Windows Vista and
    | install malicious rootkits, which her presentation yesterday proved. By using
    | the Nvidia driver as a proxy for writing code to the kernel, she showed how a
    | rootkit was able to bypass Vista's kernel protection system, which claims to
    | prevent unsigned and unreliable code causing problems. * *
    `----

    http://www.theinquirer.net/default.aspx?article=41440

  2. Re: [News] Excellent New Proof That Secret Proprietary Code is Insecure

    On Sun, 06 Apr 2008 16:03:54 +0100, Roy Schestowitz wrote:

    > Wikipedia-reading boffins jimmy keyless door to entire universe
    >
    > ,----[ Quote ]
    >| "If they had made it public they would have found out 20 years ago that it's
    >| insecure," Kasper said in an interview. "Now it's a little bit too late,
    >| because it's already built into all the garages and cars."
    > `----
    >
    > http://www.theregister.co.uk/2008/04...ter_key_found/
    >
    > Well, that's going to cost.


    Yeah, the attacker.

    It costs about $3000 in equipment and a lot of skill. Then, you have to be
    within 100 meters of the key when it's used to get the code.

    It's a lot cheaper and easier to use a crowbar.

    The only people interested in this will be high value professional thieves,
    and if you are leaving your priceless art collection in your garage or car
    without any kind of additional security, you asking for what you get.

    However, this does just prove my point about security being binary. You
    wake up one day, and what you thought was secure isn't, beause it never
    was.

  3. Re: [News] Excellent New Proof That Secret Proprietary Code is Insecure


    It lasted 28 years, Roy. That's actually a pretty good security record.

    --
    --Tim Smith

  4. Re: [News] Excellent New Proof That Secret Proprietary Code is Insecure

    On Sun, 06 Apr 2008 12:25:12 -0700, Tim Smith wrote:

    > It lasted 28 years, Roy. That's actually a pretty good security record.


    A lot better than Roy Schestowitz's server!
    Hahahaha!
    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    http://linuxidiots.blogspot.com/

  5. Re: [News] Excellent New Proof That Secret Proprietary Code isInsecure

    On Sun, 06 Apr 2008 15:40:52 -0400, Moshe Goldfarb wrote:

    > On Sun, 06 Apr 2008 12:25:12 -0700, Tim Smith wrote:
    >
    >> It lasted 28 years, Roy. That's actually a pretty good security
    >> record.

    >
    > A lot better than Roy Schestowitz's server! Hahahaha!


    How long did yours last? HAHAHHAHAHAHAHA


    --
    Rick

  6. Re: [News] Excellent New Proof That Secret Proprietary Code is Insecure


  7. Re: [News] Excellent New Proof That Secret Proprietary Code is Insecure


  8. Re: [News] Excellent New Proof That Secret Proprietary Code is Insecure


  9. Re: [News] Excellent New Proof That Secret Proprietary Code is Insecure

    On Sun, 06 Apr 2008 14:51:05 -0500, Rick wrote:

    > On Sun, 06 Apr 2008 15:40:52 -0400, Moshe Goldfarb wrote:
    >
    >> On Sun, 06 Apr 2008 12:25:12 -0700, Tim Smith wrote:
    >>
    >>> It lasted 28 years, Roy. That's actually a pretty good security
    >>> record.

    >>
    >> A lot better than Roy Schestowitz's server! Hahahaha!

    >
    > How long did yours last? HAHAHHAHAHAHAHA


    It's still up and running.
    Four years and counting if you must know.
    It's NOT the one listed in my sig BTW.
    I don't know who runs that one, I am merely spreading the word.

    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    http://linuxidiots.blogspot.com/

  10. Re: [News] Excellent New Proof That Secret Proprietary Code is Insecure


  11. Re: [News] Excellent New Proof That Secret Proprietary Code is Insecure

    On 2008-04-06, Erik Funkenbusch claimed:
    > On Sun, 06 Apr 2008 16:03:54 +0100, Roy Schestowitz wrote:
    >
    >> Wikipedia-reading boffins jimmy keyless door to entire universe
    >>
    >> ,----[ Quote ]
    >>| "If they had made it public they would have found out 20 years ago that it's
    >>| insecure," Kasper said in an interview. "Now it's a little bit too late,
    >>| because it's already built into all the garages and cars."
    >> `----
    >>
    >> http://www.theregister.co.uk/2008/04...ter_key_found/
    >>
    >> Well, that's going to cost.

    >
    > Yeah, the attacker.
    >
    > It costs about $3000 in equipment and a lot of skill. Then, you have to be
    > within 100 meters of the key when it's used to get the code.
    >
    > It's a lot cheaper and easier to use a crowbar.
    >
    > The only people interested in this will be high value professional thieves,
    > and if you are leaving your priceless art collection in your garage or car
    > without any kind of additional security, you asking for what you get.
    >
    > However, this does just prove my point about security being binary. You
    > wake up one day, and what you thought was secure isn't, beause it never
    > was.


    Then it never was secure. Unless a /new/ tool comes along to break
    security. Then it's as secure as possible until new conditions come
    into exitence.

    Which is different from your "binary" mumbo-jumbo, which you claim is:
    you are or you aren't, with no variations. That's it, go or no-go. Not
    "secure if you don't install this" or "insecure unless you uninstall
    that." Not "secure until somebody finds a way to use a tool that might
    not even exist yet to break security." No, it's black or white.

    --
    Hey Santa! How much for your list of naughty girls?

+ Reply to Thread